Next-Gen CASB Blog

Swiss Cheese and MDM: The Fallacy of Cross Platform Support

I recently came across this Microsoft TechNet article that includes an interesting table outlining support for 62 mobile device management (MDM) features across a series of operating systems - iOS, Android (and the now defunct Samsung Knox), Windows Phone, Windows RT, and "Exchange Connector" (ActiveSync).

The fact that there are 62 MDM features is scary enough, but the more I looked at the table, the more it occurred to me that there was very little OS support overlap across features. In other words, Feature 1 might be supported exclusively on iOS, while Feature 2 is supported exclusively on Android, and so on. Specifically, an incredible 68% of features are supported by only 1 of the 5 operating systems broken down in the Microsoft table.

Here's what the data looks like:

While this is the feature matrix of only one vendor, you will find similar gaps when looking at other MDM vendors, as MDM capabilities are limited to what the OS vendor has decided to build into their platform (which is partially why we saw MDM commoditize as rapidly as it did - very little room for vendors to innovate).

I can't help but wonder - how does one create a reasonable, cross-platform device management policy when there is almost no feature overlap across device types? Anecdotally, the answer for most is that they have different policies for each device type, or that they only support Apple iOS.

At Bitglass, we decided early on that the ability to protect corporate data on mobile devices cannot be at the mercy of operating system vendors. Our data-centric approach to mobile security works across device types - including not only iOS and Android, but Mac OS X, Windows, and any other device your employees decide to show up with next week. How is that possible? We operate from the network - controlling the data on the device via a series of proxies and proprietary controls that allow you to accomplish everything (and more) that you can accomplish with MDM/MAM, but with no device dependencies and no requirement to install software on employee devices.